|
On Wed, 2007-02-21 at 16:47 -0600, Matthew wrote:
> I'm open to any suggestions or theories at this point but I want to
> remind everyone that this problem is not constant.
Neither is Internet routing. Somewhere - possibly your clients'
upstreams, or more likely you or your your hosts' upstreams - there is a
network or a network link that is doing something different from one day
to the next. Perhaps it's routing around congestion, or AS path changes,
or BGP localpref tweaks, or, or, or... well, put simply, the networks
between the two locations are outside your control. Hell, it's probably
true that the networks the LVS cluster is one *and* that of the clients
is outside your control to a greater degree (of course, you could be an
ISP in which case I'll shut up about that!).
> > What happens if you do some MSS tuning to smaller sizes (or at the very
> > least, both the same) on both the director *and* realserver's outside
> > interfaces?
>
> How do I do that?
Ummm...
Put the same iptables rule on the director and the realservers that you
already posted, but pull the "TCPMSS set" down. Or, at least, make them
the same - otherwise any ICMP responses saying "my MSS (or MTU) is X
bytes" going from the director could differ with the realserver - or
those from the client to the director could be interpreted there, and
the realserver then sends much larger packets.
I'd pull it down to something like 400 or 500 bytes on both director &
realservers, and work up from there.
Graeme
|
